The Germany-based retailer for online home furnishings switched security providers and received more protection services at a lower price.

With 3.6 million consumers visiting e-retailer Westwing each month, the Germany-based merchant is bound to attract cyber criminals, says Usama Dar, chief technology officer at Westwing Home and Living LLC, an online home furnishings retailer.

The online, members-only retailer has 26 million members and operates e-commerce sites in 14 countries, most of which are in Europe, plus sites in Brazil and Russia.

Westwing’s 2015 revenue was $243 million, with the majority of its sales online (the retailer operates a few pop-up shops), Dar says. And with this volume of traffic and sales, comes cybercrime. “We are an attractive target for malicious activity,” Dar says.

Westwing had protected its site from malicious attacks via website security vendor Prolexic Technologies, which is owned by content delivery network and security provider Akamai Technologies Inc.

Last year, Westwing re-evaluated its security provider and found that a different vendor, Imperva, could offer comparable technology for half the price, plus with more tools, Dar says. And so, the retailer switched over to Imperva’s firewall technology.

advertisement

Previously, Westwing paid about 10,000 to 12,000 euros per month (roughly $11,000-$13,250) for the security service, and now it pays about half that, Dar says.

Multiple times a year Westwing receives a high volume of malicious traffic to its site that its firewall will detect and reroute. This is called Distributed Denial of Service protectionand allows the retailer to continue serving shoppers without clogging up its servers to deliver content to bogus traffic, Dar says.

“These are common forms of attack that any online retailer has to face,” Dar says. “We want to make sure the highest amount of time we are available for shoppers 24/7, so it is critical for us to repel attacks that cause disruption.”

A DDoS attack usually takes three to five minutes for the firewall to detect and then reroute the traffic, and the attack ends when the cybercriminal gives up, Dar says. This type of protection is the same Westwing previously had. The e-retailer now has more features served through the Imperva Incapsula Web Application Firewall, which gives Westwing more insight into the vulnerability of its site, Dar says. 

advertisement

The web application firewall alerts the retailer when a criminal attempts a cross-site scripting attack or an SQL injection, both of which are attacks that involve a  criminal trying to hack into a retailer’s system and take customer data.

Cross-site scripting occurs when a criminal injects code, such as JavaScript, onto the site.The script can be used to steal credentials, take over accounts and send clients to websites in the control of the attacker. For example, the criminal uses such an attack to take over an administrator account and gain access to the site administration panel, says Tim Matthews, vice president of marketing for Imperva Incapsula.

An SQL injection occurs when a criminal injects a command into the web URL address or another entry field that will be executed by the website’s database server, in hopes of stealing or modifying data. For example, the attacker uses this to redirect data and receive details about clients who made a purchase with the website, Matthews says.

The Imperva system protects against these attacks, and the system tells Westwing where and how the hacker tried to get in. Knowing where and the how is key in order for Westwing to identify and fix weak spots in its system. Typically, the retailer can fix a vulnerability within 20 to 30 minutes, Dar says.

advertisement

These forms of attack are well known and old, says Jeremy D’Hoinne, research director at technology advisory and research firm Gartner Inc. However, many retailers do not have a large security budget, so they skip more specialized technology, he says.

Westwing’s contract allows it  to use Imperva’s content delivery network, which is a network of servers that delivers web content to consumers based on their location, the origin of the webpage and the location of the server, in order to delivery content faster. Previously, Westwing delivered its own content. After switching to Imperva’s CDN, the e-retailer’s site speed improved between 30% to 40%, Dar says. On mobile devices, the average load time is 4 seconds, and on desktops it is 5.3 seconds, he says.

Westwing tested the software for 15 days before deciding to use it. The retailer then took a few weeks to get the firewall in place, Dar says.

The Imperva firewall technology works with Westwing’s responsive website design. Responsive design is when a single website adjusts to the size of the screen the visitor is viewing, and only requires that the retailer maintain one code base and one set of web content.

advertisement

 

Favorite